PERSONAL DATA PROCESSING

Business company NAYAVITA s.r.o., with its registered office at Radniční 133/1, 370 01 České Budějovice, Czech Republic, IČ: 09435271, entered in the Commercial Register kept by the Regional Court in České Budějovice, Section C, Insert 30198 (hereinafter referred to as the „administrator“) with the provisions of Article 12 et seq. Regulation (EU) 2016/679 of the European Parliament and of the Council, effective from 25 May 2018, informs its customers about the processing of their personal data if they use their services.

I. PERSONAL DATA

  1. The administrator declares that it collects, processes and uses the customer’s personal data in accordance with the relevant provisions of the Personal Data Protection Act and the General Regulation on Personal Data Protection (GDPR).
  2. Personal data is information on the personal or factual circumstances of an identified or identifiable natural person (Article 4 (1) of the GDPR).
  3. The administrator primarily processes data obtained directly from the customer. This is the data that the customer provides as part of order processing. The data is transmitted in encrypted form using the SSL protocol. This category does not include statistical data that cannot be directly linked to the customer’s person and that the administrator collects, for example, when visiting an e-shop.
  4. The administrator will process your following personal data and possibly other data necessary for the purpose of processing:
    • Name and surname
    • Address
    • Phone number
    • E-mail address

II. PURPOSE OF PROCESSING

  1. The purpose of processing personal data is to fulfill the legal obligations of the administrator arising from the content of the concluded agreement between you as the buyer and the administrator as the seller, and to fulfill the legal obligations of the administrator arising from generally binding legal regulations.
  2. The purpose of processing can further be for instance answers to suggestions, adjustments to future customer orders, improving the business activities of the administrator and communication with the customer.

III. OBLIGATION TO PROVIDE PERSONAL DATA

  1. It is necessary to provide personal data to the administrator in order to fulfill the rights and obligations arising from the content of the concluded agreement.

IV. PROCESSING TIME

  1. Personal data may be processed by the administrator for the time necessary to fulfill the rights and obligations arising from the concluded agreement, or for the time strictly necessary to resolve disputes originating in the concluded agreement.
  2. Furthermore, personal data can be processed by the administrator for a longer period of time, based on the consent of the user of the website, e.g. for the purpose of sending news and updates (eg newsletter).
  3. If you leave a comment, the comment and its metadata will be stored indefinitely. This is so that we can automatically recognize and approve all subsequent comments, instead of keeping them in the moderation queue.
  4. For users who register on our site (if any), we also store the personal information they provide in their user profile. All users can view, edit or delete their personal information at any time (except their username). Web administrators can also view and edit this information.

V. INSTRUCTIONS TO THE DATA SUBJECTS

Company NAYAVITA s.r.o. informs their customers that they have the right:

  1. Obtain from the Administrator confirmation of whether or not the personal data concerning them are being processed and, if so, have the right to access this personal data and the following information: purposes of processing, categories of personal data concerned, recipients or categories of recipients; the personal data have been or will be disclosed, in particular to recipients in third countries or international organizations, the planned period for which the personal data will be stored or, if this cannot be determined, the criteria used to determine this period, the existence of a right to request rectification or deletion of personal data concerning the data subject or restriction of their processing and / or to object to such processing, the right to lodge a complaint with the supervisory authority.
  2. In order for the Administrator to correct inaccurate personal data concerning them without undue delay. Taking into account the purposes of processing, they have the right to supplement incomplete personal data, including by providing an additional statement.
  3. In order for the Administrator to delete personal data concerning them without undue delay, and the Administrator is obliged to delete personal data without undue delay if one of the following reasons exists: personal data are no longer needed for the purposes for which they were collected or otherwise processed, the customer revokes the consent and there is no other legal title for their processing, the personal data have been processed unlawfully, the personal data must be deleted in order to comply with a legal obligation laid down in Union or Member State law applicable to the controller.
  4. In order for the Administrator to restrict the processing of their personal data if they deny their accuracy for the period of verification by the Administrator, the processing is illegal and they ask the Administrator for limited processing instead of deletion, the data are no longer needed for the purpose of processing, but are needed for legal claims.
  5. That the Administrator, at their request, transfer their personal data to another administrator designated by them.
  6. Raise an objection to the processing of my personal data with the Administrator.
  7. In case of doubts as to whether their personal data are processed by the Administrator in the sense of the above-mentioned legal regulations, contact both the Administrator and the Office for Personal Data Protection.

VI. RECIPIENTS OF PERSONAL DATA

  1. Personal data processed for the fulfillment of obligations arising from special legal regulations may, in justified cases, be transferred by the administrator to law enforcement authorities.
  2. The administrator may also provide the personal data provided by you to the following entities:
    • Data transmission related to information systems management
    • The transfer of data related to the execution of the order, depending on the choice of method of payment and transport, can take place with the companies:
      • Zásilkovna, s.r.o., CZ28408306
      • Balikobot, s.r.o., CZ06283799
      • Česká pošta, s.p., CZ47114983
      • DHL Express (Czech Republic) s.r.o., CZ25683446
      • General Logistics Systems Czech Republic s.r.o., CZ26087961 (if you use shipping by GLS)
      • Hifour s.r.o., CZ47537841 (if you use shipping by Balíkonoš)
      • PPL CZ s.r.o., CZ25194798
      • ComGate Payments, a.s., CZ27924505
    • Transmission of data related to marketing services:
      • Facebook Ireland Limited, IE9692928F
      • Google Ireland Limited, IE6388047V
      • Seznam.cz, a.s., CZ26168685
      • Wysija SARL ‘MailPoet’, FR52538230186

The legal reason here is the fulfillment of obligations arising from the concluded agreement with the data subject, as well as the legitimate interests of the administrator or a third party. Personal data belonging to the group of special categories of personal data are not transferred.

VII. NEWSLETTER SIGN-UP

  1. By subscribing to the newsletter, the user agrees to be sent an e-mail newsletter with information about products, campaigns and discounts.
  2. Furthermore, the user agrees that the Administrator will store his data (name and surname, title, e-mail address) for the purposes of creating and sending a newsletter.
  3. As part of the data processing, the data may be transferred to a processor which is Wysija SARL ‘MailPoet’, FR52538230186
  4. In order to personalize business messages, the Administrator stores data about which links in the newsletter the user has expressed interest in.
  5. In the future, the user can revoke his consent by clicking on the link in the footer of all Newsletters.

VIII. COMMENTS

  1. When visitors leave us comments on the site, we collect the data shown in the comment form, as well as the visitor’s IP address and the user’s browser agent string to detect spam.
  2. Gravatar may be provided with an anonymized string created from your email address (also called a hash) to determine if you are using it.
  3. Gravatar’s privacy policy is available here: https://automattic.com/privacy/. After your comment is approved, your profile picture is visible to the public in the context of your comment.

IX. COOKIES

  1. If you leave a comment on our website, you can log in to store your name, e-mail address and website in cookies. They are used for your convenience so that you do not have to fill in your data again when entering another comment. These cookies will last for one year.
  2. If you visit our login page, we set a temporary cookie to see if your browser accepts cookies. This cookie does not contain any personal information and is closed when you close your browser.
  3. When you log in, we also set several cookies to store your login details and display options on the screen. Login cookies take two days and screen options cookies last for a year.
  4. If you select the “Remember me” option, your login will take two weeks.
  5. If you log out of your account, your login cookies will be deleted.
  6. If you edit or publish an article, another cookie will be stored in your browser. This cookie does not contain any personal information and simply identifies the post ID of the article you just edited. It expires after one day.

In České Budějovice 12.09.2020